A Los Angeles man on Friday admitted infecting 250,000 computers and stealing the identities of thousands of people by wiretapping their communications and accessing their bank accounts.
John Schiefer, 26, agreed to plead guilty to four counts of fraud and wiretap charges that could lead to a $1.75 million fine and send him to prison for up to 60 years, the Los Angeles U.S. Attorney's office said.
Prosecutors said Schiefer and an unspecified number of conspirators installed malicious computer codes that acted as a wiretap on compromised computers and intercepted messages to www.paypal.com and similar Web sites.
He retrieved usernames and passwords and used them to access an unknown number of bank accounts. Prosecutors said they were still investigating how much money was stolen and the number of victims.
They said Schiefer worked by day as an information security consultant but was a well-known "Botmaster" among the underground network of hackers skilled in so-called "botnet attacks."
A bot is a program that surreptitiously installs itself on computer so a hacker can control it. A botnet is a network of such computers that can harness their collective powers to wreak havoc.
In another scheme, Schiefer installed malicious codes on computers running Microsoft operating systems, causing them to disgorge usernames and passwords from a secure area that led him to access the victims' bank accounts.
Schiefer also admitted defrauding the Dutch Internet advertising company Simpel Internet, who signed him up as a consultant, of more than $19,000. He installed his spyware program on approximately 150,000 of the Dutch company's computers.
He is expected to be arraigned on December 3.